From af2c434efa49830b87f2e451e71cf572d3a56b0f Mon Sep 17 00:00:00 2001 From: Yuhui Zhong Date: Mon, 5 Jan 2015 20:19:05 -0800 Subject: [PATCH] Update xml help file (Jan 05 version) --- ...osoft.Azure.Commands.KeyVault.dll-Help.xml | 1672 +---------------- 1 file changed, 100 insertions(+), 1572 deletions(-) diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Microsoft.Azure.Commands.KeyVault.dll-Help.xml b/src/ResourceManager/KeyVault/Commands.KeyVault/Microsoft.Azure.Commands.KeyVault.dll-Help.xml index 3b1e8c731b11..e96c49f92303 100644 --- a/src/ResourceManager/KeyVault/Commands.KeyVault/Microsoft.Azure.Commands.KeyVault.dll-Help.xml +++ b/src/ResourceManager/KeyVault/Commands.KeyVault/Microsoft.Azure.Commands.KeyVault.dll-Help.xml @@ -1,1582 +1,110 @@ - - - Add-AzureKeyVaultKey - - Creates a key in a vault or imports a key into a vault. - - - - - Add - AzureKeyVaultKey - - - - - The Add-AzureKeyVaultKey cmdlet creates a key in an Azure Key Vault, or imports a key into a vault. Use this cmdlet to add keys in the following ways: +Add-AzureKeyVaultKeyCreates a key in a vault or imports a key into a vault. AddAzureKeyVaultKeyThe Add-AzureKeyVaultKey cmdlet creates a key in an Azure Key Vault, or imports a key into a vault. Use this cmdlet to add keys by using any of the following methods: - -- Create a key in a hardware security module (HSM) in the Azure Key Vault service. - -- Create a key in software in the Azure Key Vault service. - -- Import a key from a hardware security module (HSM) to the Azure Key Vault service, by using a file that has the .byok file extension. - -- Import a key from software by using a file that has the .pfx file name extension. - -- Import a key from software to a key in a hardware security module (HSM) in the Azure Key Vault service by using a file that has the .pfx file name extension. +-- Create a key in a hardware security module (HSM) in the Azure Key Vault service. +-- Create a key in software in the Azure Key Vault service. +-- Import a key from your own hardware security module (HSM) to HSMs in the Azure Key Vault service. +-- Import a key from a .pfx file on your computer. +-- Import a key from a .pfx file on your computer to hardware security modules (HSMs) in the Azure Key Vault service. - For any of these operations, you can provide key attributes or accept default settings. - - - - - Add-AzureKeyVaultKey - - VaultName - - Specifies the name of the vault to which this cmdlet adds the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - - Name - - Specifies the name of the key to add to the vault. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - - Destination - - Specifies whether the key is a software key or an HSM key. Valid values are: HSM and Software. - If you do not specify this parameter, and this cmdlet creates a key, it creates a software key. If you do not specify this parameter, and this cmdlet imports a key that has .byok file name extension, it imports that key as an HSM key. The cmdlet cannot import that key as software key. If you do not specify this parameter, and this cmdlet imports a key that has a .pfx file name extension, it imports the key as a software key. - - - HSM - Software - - - - Disable - - Indicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later. - - - - Expires - - Specifies the expiration time, as a DateTime object, for the key that this cmdlet adds. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. If you do not specify this parameter, the key does not expire. - - Nullable [System.DateTime] - - - KeyFilePassword - - Specifies a password for the imported file as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. For more information, type Get-Help ConvertTo-SecureString. You must specify this password to import a file with a .pfx file name extension. - - SecureString - - - KeyOps - - Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed. - - The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values are: +For any of these operations, you can provide key attributes or accept default settings. - -- Encrypt - -- Decrypt - -- Wrap - -- Unwrap - -- Sign - -- Verify - -- Backup - -- Restore - - - String[] - - - NotBefore - - Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the key can be used immediately. - - Nullable [System.DateTime] - - - KeyFilePath - - Specifies the path of a local file that contains key material that this cmdlet imports. The valid file name extensions are .byok and .pfx. - - String - - - - Add-AzureKeyVaultKey - - VaultName - - Specifies the name of the vault to which this cmdlet adds the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - - Name - - Specifies the name of the key to add to the vault. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - - Disable - - Indicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later. - - - - Expires - - Specifies the expiration time, as a DateTime object, for the key that this cmdlet adds. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. If you do not specify this parameter, the key does not expire. - - Nullable [System.DateTime] - - - KeyOps - - Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed. - - The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values are: +If you create or import a key that has the same name as an existing key in your key vault, the original key is updated with the values that you specify for the new key. You can access the previous values by using the version-specific URI for that version of the key. To learn about key versions and the URI structure, see “About Keys and Secrets” in the Key Vault REST API documentation (http://go.microsoft.com/fwlink/?linkid=518560). - -- Encrypt - -- Decrypt - -- Wrap - -- Unwrap - -- Sign - -- Verify - -- Backup - -- Restore - - - String[] - - - NotBefore - - Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the key can be used immediately. - - Nullable [System.DateTime] - - - Destination - - Specifies whether the key is a software key or an HSM key. Valid values are: HSM and Software. - If you do not specify this parameter, and this cmdlet creates a key, it creates a software key. If you do not specify this parameter, and this cmdlet imports a key that has .byok file name extension, it imports that key as an HSM key. The cmdlet cannot import that key as software key. If you do not specify this parameter, and this cmdlet imports a key that has a .pfx file name extension, it imports the key as a software key. - - - HSM - Software - - - - - - - Destination - - Specifies whether the key is a software key or an HSM key. Valid values are: HSM and Software. - If you do not specify this parameter, and this cmdlet creates a key, it creates a software key. If you do not specify this parameter, and this cmdlet imports a key that has .byok file name extension, it imports that key as an HSM key. The cmdlet cannot import that key as software key. If you do not specify this parameter, and this cmdlet imports a key that has a .pfx file name extension, it imports the key as a software key. - - String - - String - - - none - - - Disable - - Indicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later. - - SwitchParameter - - SwitchParameter - - - none - - - Expires - - Specifies the expiration time, as a DateTime object, for the key that this cmdlet adds. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. If you do not specify this parameter, the key does not expire. - - Nullable [System.DateTime] - - Nullable [System.DateTime] - - - none - - - KeyFilePassword - - Specifies a password for the imported file as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. For more information, type Get-Help ConvertTo-SecureString. You must specify this password to import a file with a .pfx file name extension. - - SecureString - - SecureString - - - none - - - KeyFilePath - - Specifies the path of a local file that contains key material that this cmdlet imports. The valid file name extensions are .byok and .pfx. - - String - - String - - - none - - - KeyOps - - Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed. - - The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values are: +Note: To import a key from your own hardware security module, you must first generate a BYOK package (a file with a .byok file name extension) by using the Azure Key Vault BYOK toolset. For more information, see How to Generate and Transfer HSM-Protected Keys for Azure Key Vault (http://go.microsoft.com/fwlink/?LinkId=522252).Add-AzureKeyVaultKeyVaultNameSpecifies the name of the vault to which this cmdlet adds the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.StringNameSpecifies the name of the key to add to the vault. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. The name must be a string of 1 through 63 characters in length that contains only 0-9, a-z, A-Z, and – (the dash symbol).StringDestinationSpecifies whether to add the key as a software-protected key or an HSM-protected key in the Key Vault service. Valid values are: HSM and Software. Note: To use HSM as your destination, you must have a key vault that supports HSMs. For more information about the service tiers and capabilities for Azure Key Vault, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521).This parameter is required when you create a new key. If you import a key by using the KeyFilePath parameter, this parameter is optional: - -- Encrypt - -- Decrypt - -- Wrap - -- Unwrap - -- Sign - -- Verify - -- Backup - -- Restore - - - String[] - - String[] - - - none - - - Name - - Specifies the name of the key to add to the vault. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - String - - - none - - - NotBefore - - Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the key can be used immediately. - - Nullable [System.DateTime] - - Nullable [System.DateTime] - - - none - - - VaultName - - Specifies the name of the vault to which this cmdlet adds the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - String - - - none - - - - - - String, String[], System.DateTime - - - - - - - - - - - - - - Microsoft.Azure.Commands.KeyVault.Models.KeyBundle - - - - - - - - - - - - - - - Example 1: Create a key - - - - - PS C:\>Add-AzureKeyVaultKey -VaultName "Contoso" -Name "ITSoftware" - - - This command creates a key named ITSoftware in the vault named Contoso. - - - - - - - - - Example 2: Create an HSM key - - - - - PS C:\>Add-AzureKeyVaultKey -VaultName "Contoso" -Name "ITHsm" -Destination "HSM" - - - This command creates an HSM key in the vault named Contoso. - - - - - - - - - Example 3: Create a key with non-default values - - - - - PS C:\>$KeyOperations = "decrypt", "verify" -PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime() -PS C:\> $NotBefore=(Get-Date).ToUniversalTime() -PS C:\> Add-AzureKeyVaultKey -VaultName "Contoso" -Name "ITHsmNonDefault" -Destination "HSM" -Expires $Expires -NotBefore $NotBefore -KeyOps $KeyOperations -Disable - - - The first command stores the values decrypt and verify in the $KeyOperations variable. - The second command creates a DateTime object, defined in UTC, by using the Get-Date cmdlet. That object specifies a time two years in the future. The command stores that date in the $Expires variable. For more information, type Get-Help Get-Date. - The third command creates a DateTime object by using the Get-Date cmdlet. That object specifies current UTC time. The command stores that date in the $NotBefore variable. - The final command creates a key named ITHsmNonDefault that is an HSM key. The command specifies values for allowed key operations stored $KeyOperations. The command specifies times for the Expires and NotBefore parameters created in the previous commands. The new key is disabled. You can enable it by using the Set-AzureKeyVaultKey cmdlet. - - - - - - - - - Example 4: Import an HSM key - - - - - PS C:\>Add-AzureKeyVaultKey -VaultName "Contoso" -Name "ITByok" -KeyFilePath "C:\Contoso\ITByok.byok" -Destination "HSM" - - - This command imports the key named ITByok from the location that the KeyFilePath parameter specifies. The imported key is an HSM key. - - - - - - - - - Example 5: Import a software-protected key - - - - - PS C:\>$Password = ConvertTo-SecureString -String "password" -AsPlainText -Force -PS C:\> Add-AzureKeyVaultKey -VaultName "Contoso" -Name "ITPfx" -KeyFilePath "C:\Contoso\ITPfx.pfx" -KeyFilePassword $Password - - - The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Password variable. For more information, type Get-Help ConvertTo-SecureString. - The second command creates a software password in the Contoso vault. The command specifies the location for the key and the password stored in $Password. - - - - - - - - - Example 6: Import a key and assign attributes - - - - - PS C:\>$Password = ConvertTo-SecureString -String "password" -AsPlainText -Force -PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime() -PS C:\> Add-AzureKeyVaultKey -VaultName "Contoso" -Name "ITPfxToHSM" -Destination "HSM" -KeyFilePath "C:\Contoso\ITPfx.pfx" -KeyFilePassword $Password -Expires $Expires - - - The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Password variable. - The second command creates a DateTime object by using the Get-Date cmdlet, and then stores that object in the $Expires variable. - The final command imports a key as an HSM key from the specified location. The command specifies the expiration time stored in $Expires and password stored in $Password. - - - - - - - - - - - Online Version: - http://go.microsoft.com/fwlink/?LinkId=520396 - - - Get-AzureKeyVaultKey - - - - Remove-AzureKeyVaultKey - - - - Set-AzureKeyVaultKey - - - - - - - Get-AzureKeyVaultKey - - Gets the keys in a vault. - - - - - Get - AzureKeyVaultKey - - - - The Get-AzureKeyVaultKey cmdlet gets the keys in an Azure Key Vault. This cmdlet gets a specific Microsoft.Azure.Commands.KeyVault.Models.KeyBundle or a list of all KeyBundle objects in a vault. - - - - Get-AzureKeyVaultKey - - VaultName - - Specifies the name of the vault from which this cmdlet gets keys. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your selected environment. - - String - - - Version - - Specifies the key version. This cmdlet constructs the FQDN of a key based on the vault name, your currently selected environment, the key name, and the key version. - - String - - - Name - - Specifies the name of the key to get. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - - - Get-AzureKeyVaultKey - - Name - - Specifies the name of the key to get. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - - VaultName - - Specifies the name of the vault from which this cmdlet gets keys. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your selected environment. - - String - - - - - - Name - - Specifies the name of the key to get. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - String - - - none - - - VaultName - - Specifies the name of the vault from which this cmdlet gets keys. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your selected environment. - - String - - String - - - none - - - Version - - Specifies the key version. This cmdlet constructs the FQDN of a key based on the vault name, your currently selected environment, the key name, and the key version. - - String - - String - - - none - - - - - - String - - - - - - - - - - - - - - List<Microsoft.Azure.Commands.KeyVault.Models.KeyBundle>, Microsoft.Azure.Commands.KeyVault.Models.KeyBundle - - - - - - - - - - - - - - - Example 1: Get all the keys in a vault - - - - - PS C:\>Get-AzureKeyVaultKey -VaultName "Contoso" - - - This command gets all the keys in the vault named Contoso. - - - - - - - - - Example 2: Get a specific key - - - - - PS C:\>$key = Get-AzureKeyVaultKey -VaultName "Contoso" -KeyName "ITPfx" - - - This command gets the key named ITPfx in the vault named Contoso. After running this command, you can inspect various properties of the key by navigating the $key object. - - - - - - - - - - - Online Version: - http://go.microsoft.com/fwlink/?LinkId=521395 - - - Add-AzureKeyVaultKey - - - - Remove-AzureKeyVaultKey - - - - Set-AzureKeyVaultKey - - - - - - - Get-AzureKeyVaultSecret - - Gets the secrets in a vault. - - - - - Get - AzureKeyVaultSecret - - - - The Get-AzureKeyVaultSecret cmdlet gets secrets in an Azure Key Vault. This cmdlet gets a specific secret or all the secrets in a vault. - - - - Get-AzureKeyVaultSecret - - VaultName - - Specifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - - Version - - Specifies the secret version. This cmdlet constructs the FQDN of a secret based on the vault name, your currently selected environment, the secret name, and the secret version. - - String - - - Name - - Specifies the name of a secret to get. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - - - Get-AzureKeyVaultSecret - - Name - - Specifies the name of a secret to get. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - - VaultName - - Specifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - - - - - Name - - Specifies the name of a secret to get. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - String - - - none - - - VaultName - - Specifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - String - - - none - - - Version - - Specifies the secret version. This cmdlet constructs the FQDN of a secret based on the vault name, your currently selected environment, the secret name, and the secret version. - - String - - String - - - none - - - - - - String - - - - - - - - - - - - - - List<Microsoft.Azure.Commands.KeyVault.Models.Secret>, Microsoft.Azure.Commands.KeyVault.Models.Secret - - - - - - - - - - - - - - - Example 1: Get all the secrets in a vault - - - - - PS C:\>Get-AzureKeyVaultSecret -VaultName "Contoso" - - - This command gets all the secrets in the vault named Contoso. - - - - - - - - - Example 2: Get a specific secret - - - - - PS C:\>Get-AzureKeyVaultSecret -VaultName "Contoso" -KeyName "ITSecret" - - - This command gets the secret named ITSecret in the vault named Contoso. - - - - - - - - - - - Online Version: - http://go.microsoft.com/fwlink/?LinkId=521396 - - - Remove-AzureKeyVaultSecret - - - - Set-AzureKeyVaultSecret - - - - - - - Remove-AzureKeyVaultKey - - Deletes a key in a vault. - - - - - Remove - AzureKeyVaultKey - - - - The Remove-AzureKeyVaultKey cmdlet deletes a key in an Azure Key Vault. This cmdlet has a value of high for the ConfirmImpact property. - - - - Remove-AzureKeyVaultKey - - VaultName - - Specifies the name of the vault from which to remove the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - - Name - - Specifies the name of the key to remove. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - - Force - - Indicates that this cmdlet does not prompt you for confirmation. - - - - PassThru - - Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.KeyBundle object. By default, this cmdlet does not return a value. - - - - - - - Force - - Indicates that this cmdlet does not prompt you for confirmation. - - SwitchParameter - - SwitchParameter - - - none - - - Name - - Specifies the name of the key to remove. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - String - - - none - - - PassThru - - Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.KeyBundle object. By default, this cmdlet does not return a value. - - SwitchParameter - - SwitchParameter - - - none - - - VaultName - - Specifies the name of the vault from which to remove the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - String - - - none - - - - - - String - - - - - - - - - - - - - - Microsoft.Azure.Commands.KeyVault.Models.KeyBundle - - - - - - - This cmdlet returns a value only if you specify the PassThru parameter. - - - - - - - - Example 1: Remove a key from a vault - - - - - PS C:\>Remove-AzureKeyVaultKey -VaultName "Contoso" -Name "ITSoftware" - - - This command removes the key named ITSoftware from the vault named Contoso. - - - - - - - - - Example 2: Remove a key without user confirmation - - - - - PS C:\>Remove-AzureKeyVaultKey -VaultName "Contoso" -Name "ITSoftware" -Force -Confirm:$False - - - This command removes the key named ITSoftware from the vault named Contoso. The command specifies the Force and Confirm parameters, and, therefore, the cmdlet does not prompt you for confirmation. - - - - - - - - - Example 3: Remove keys by using the pipeline operator - - - - - PS C:\>Get-AzureKeyVaultKey -VaultName Contoso | Where-Object {$_.Attributes.Enabled -eq $False} | Remove-AzureKeyVaultKey - - - This command gets all the keys in the vault named Contoso, and passes them to the Where-Object cmdlet by using the pipeline operator. That cmdlet passes the keys that have a value of $False for the Enabled attribute to the current cmdlet. That cmdlet removes those keys. - - - - - - - - - - - Online Version: - http://go.microsoft.com/fwlink/?LinkId=521397 - - - Add-AzureKeyVaultKey - - - - Get-AzureKeyVaultKey - - - - Set-AzureKeyVaultKey - - - - - - - Remove-AzureKeyVaultSecret - - Deletes a secret in a vault. - - - - - Remove - AzureKeyVaultSecret - - - - The Remove-AzureKeyVaultSecret cmdlet deletes a secret in an Azure Key Vault. This cmdlet has a value of high for the ConfirmImpact property. - - - - Remove-AzureKeyVaultSecret - - VaultName - - Specifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - - Name - - Specifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - - Force - - Indicates that this cmdlet does not prompt you for confirmation. - - - - PassThru - - Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.Secret object. By default, this cmdlet does not return a value. - - - - - - - Force - - Indicates that this cmdlet does not prompt you for confirmation. - - SwitchParameter - - SwitchParameter - - - none - - - Name - - Specifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - String - - - none - - - PassThru - - Indicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.Secret object. By default, this cmdlet does not return a value. - - SwitchParameter - - SwitchParameter - - - none - - - VaultName - - Specifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - String - - - none - - - - - - String - - - - - - - - - - - - - - Microsoft.Azure.Commands.KeyVault.Models.Secret - - - - - - - This cmdlet returns a value only if you specify the PassThru parameter. - - - - - - - - Example 1: Remove a secret from a vault - - - - - PS C:\>Remove-AzureKeyVaultSecret -VaultName "Contoso" -Name "FinanceSecret" - - - This command removes the secret named FinanceSecret from the vault named Contoso. - - - - - - - - - Example 2: Remove a secret from a vault without user confirmation - - - - - PS C:\>Remove-AzureKeyVaultSecret -VaultName "Contoso" -Name "FinanceSecret" -Force -Confirm:$False - - - This command removes the secret named FinanceSecret from the vault named Contoso. The command specifies the Force and Confirm parameters, and, therefore, the cmdlet does not prompt you for confirmation. - - - - - - - - - - - Online Version: - http://go.microsoft.com/fwlink/?LinkId=521398 - - - Get-AzureKeyVaultSecret - - - - Set-AzureKeyVaultSecret - - - - - - - Set-AzureKeyVaultKey - - Update the attributes of a key in a vault. - - - - - Set - AzureKeyVaultKey - - - - The Set-AzureKeyVaultKey cmdlet updates the editable attributes of a key in an Azure Key Vault. - - - - Set-AzureKeyVaultKey - - VaultName - - Specifies the name of the vault in which this cmdlet modifies the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - - Name - - Specifies the name of the key to update. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - - Enable - - Specifies whether to enable or disable a key. A value of $True enables the key. A value of $False disables the key. If you do not specify this parameter, this cmdlet does not modify the status of the key. - - Nullable [Boolean] - - - Expires - - Specifies the expiration time, as a DateTime object, for the key that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. - - Nullable [System.DateTime] - - - KeyOps - - Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed. - - The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values are: +-- If you do not specify this parameter, and this cmdlet imports a key that has .byok file name extension, it imports that key as an HSM-protected key. The cmdlet cannot import that key as software-protected key. - -- Encrypt - -- Decrypt - -- Wrap - -- Unwrap - -- Sign - -- Verify - -- Backup - -- Restore - - - String[] - - - NotBefore - - Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. - - Nullable [System.DateTime] - - - - - - Enable - - Specifies whether to enable or disable a key. A value of $True enables the key. A value of $False disables the key. If you do not specify this parameter, this cmdlet does not modify the status of the key. - - Nullable [Boolean] - - Nullable [Boolean] - - - none - - - Expires - - Specifies the expiration time, as a DateTime object, for the key that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. - - Nullable [System.DateTime] - - Nullable [System.DateTime] - - - none - - - KeyOps - - Specifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed. - - The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values are: +-- If you do not specify this parameter, and this cmdlet imports a key that has a .pfx file name extension, it imports the key as a software-protected key.HSMSoftwareDisableIndicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later.ExpiresSpecifies the expiration time, as a DateTime object, for the key that this cmdlet adds. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. If you do not specify this parameter, the key does not expire.Nullable [DateTime]KeyFilePasswordSpecifies a password for the imported file as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. For more information, type Get-Help ConvertTo-SecureString. You must specify this password to import a file with a .pfx file name extension. SecureStringKeyOpsSpecifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed.The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values are: - -- Encrypt - -- Decrypt - -- Wrap - -- Unwrap - -- Sign - -- Verify - -- Backup - -- Restore - - - String[] - - String[] - - - none - - - Name - - Specifies the name of the key to update. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - String - - - none - - - NotBefore - - Specifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. - - Nullable [System.DateTime] - - Nullable [System.DateTime] - - - none - - - VaultName - - Specifies the name of the vault in which this cmdlet modifies the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - String - - - none - - - - - - String, Boolean, System.DateTime - - - - - - - - - - - - - - Microsoft.Azure.Commands.KeyVault.Models.KeyBundle - - - - - - - - - - - - - - - Example 1: Modify a key - - - - - PS C:\>$Expires= (Get-Date).AddYears(2).ToUniversalTime() -PS C:\> Set-AzureKeyVaultKey -VaultName "Contoso" -Name "ITSoftware" -Expires $Expires -Enable $True - - - The first command creates a DateTime object by using the Get-Date cmdlet. That object specifies a time two years in the future. The command stores that date in the $Expires variable. For more information, type Get-Help Get-Date. - The second command modifies a key named ITSoftware. The command enables the key and sets its expiration time to the time stored in $Expires. - - - - - - - - - - - Online Version: - http://go.microsoft.com/fwlink/?LinkId=521399 - - - Add-AzureKeyVaultKey - - - - Get-AzureKeyVaultKey - - - - Remove-AzureKeyVaultKey - - - - - - - Set-AzureKeyVaultSecret - - Creates or updates a secret in a vault. - - - - - Set - AzureKeyVaultSecret - - - - The Set-AzureKeyVaultSecret cmdlet creates or updates a secret in an Azure Key Vault. If the secret does not exist, this cmdlet creates it. If the secret already exists, this cmdlet replaces it with the value that you specify. - - - - Set-AzureKeyVaultSecret - - VaultName - - Specifies the name of the vault to which this secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - - Name - - Specifies the name of a secret to modify. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - - SecretValue - - Specifies the value for the secret. - - SecureString - - - - - - Name - - Specifies the name of a secret to modify. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment. - - String - - String - - - none - - - SecretValue - - Specifies the value for the secret. - - SecureString - - SecureString - - - none - - - VaultName - - Specifies the name of the vault to which this secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. - - String - - String - - - none - - - - - - String, SecureString - - - - - - - - - - - - - - Microsoft.Azure.Commands.KeyVault.Models.Secret - - - - - - - - - - - - - - - Example 1: Modify the value of a secret - - - - - PS C:\>$Secret = ConvertTo-SecureString -String "password" -AsPlainText -Force -PS C:\> Set-AzureKeyVaultSecret -VaultName "Contoso" -Name "ITSecret" -SecretValue $Secret - - - The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Secret variable. For more information, type Get-Help ConvertTo-SecureString. - The second command modifies value of the secret named ITSecret in the vault named Contoso. The secret value becomes the value stored in $Secret. - - - - - - - - - - - Online Version: - http://go.microsoft.com/fwlink/?LinkId=521400 - - - Get-AzureKeyVaultSecret - - - - Remove-AzureKeyVaultSecret - - - - - +-- Encrypt +-- Decrypt +-- Wrap +-- Unwrap +-- Sign +-- Verify +-- Backup +-- RestoreString[]NotBeforeSpecifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the key can be used immediately. Nullable [DateTime]KeyFilePathSpecifies the path of a local file that contains key material that this cmdlet imports. The valid file name extensions are .byok and .pfx. + +-- If the file is a .byok file, the key is automatically protected by HSMs after the import and you cannot override this default. + +-- If the file is a .pfx file, the key is automatically protected by software after the import. To override this default, set the Destination parameter to HSM so that the key is HSM-protected.When you specify this parameter, the Destination parameter is optional. + +StringAdd-AzureKeyVaultKeyVaultNameSpecifies the name of the vault to which this cmdlet adds the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.StringNameSpecifies the name of the key to add to the vault. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. The name must be a string of 1 through 63 characters in length that contains only 0-9, a-z, A-Z, and – (the dash symbol).StringDisableIndicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later.ExpiresSpecifies the expiration time, as a DateTime object, for the key that this cmdlet adds. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. If you do not specify this parameter, the key does not expire.Nullable [DateTime]KeyOpsSpecifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed.The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values are: + +-- Encrypt +-- Decrypt +-- Wrap +-- Unwrap +-- Sign +-- Verify +-- Backup +-- RestoreString[]NotBeforeSpecifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the key can be used immediately. Nullable [DateTime]DestinationSpecifies whether to add the key as a software-protected key or an HSM-protected key in the Key Vault service. Valid values are: HSM and Software. Note: To use HSM as your destination, you must have a key vault that supports HSMs. For more information about the service tiers and capabilities for Azure Key Vault, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521).This parameter is required when you create a new key. If you import a key by using the KeyFilePath parameter, this parameter is optional: + +-- If you do not specify this parameter, and this cmdlet imports a key that has .byok file name extension, it imports that key as an HSM-protected key. The cmdlet cannot import that key as software-protected key. + +-- If you do not specify this parameter, and this cmdlet imports a key that has a .pfx file name extension, it imports the key as a software-protected key.HSMSoftwareDestinationSpecifies whether to add the key as a software-protected key or an HSM-protected key in the Key Vault service. Valid values are: HSM and Software. Note: To use HSM as your destination, you must have a key vault that supports HSMs. For more information about the service tiers and capabilities for Azure Key Vault, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521).This parameter is required when you create a new key. If you import a key by using the KeyFilePath parameter, this parameter is optional: + +-- If you do not specify this parameter, and this cmdlet imports a key that has .byok file name extension, it imports that key as an HSM-protected key. The cmdlet cannot import that key as software-protected key. + +-- If you do not specify this parameter, and this cmdlet imports a key that has a .pfx file name extension, it imports the key as a software-protected key.StringStringnoneDisableIndicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later.SwitchParameterSwitchParameternoneExpiresSpecifies the expiration time, as a DateTime object, for the key that this cmdlet adds. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. If you do not specify this parameter, the key does not expire.Nullable [DateTime]Nullable [DateTime]noneKeyFilePasswordSpecifies a password for the imported file as a SecureString object. To obtain a SecureString object, use the ConvertTo-SecureString cmdlet. For more information, type Get-Help ConvertTo-SecureString. You must specify this password to import a file with a .pfx file name extension. SecureStringSecureStringnoneKeyFilePathSpecifies the path of a local file that contains key material that this cmdlet imports. The valid file name extensions are .byok and .pfx. + +-- If the file is a .byok file, the key is automatically protected by HSMs after the import and you cannot override this default. + +-- If the file is a .pfx file, the key is automatically protected by software after the import. To override this default, set the Destination parameter to HSM so that the key is HSM-protected.When you specify this parameter, the Destination parameter is optional. + +StringStringnoneKeyOpsSpecifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed.The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values are: + +-- Encrypt +-- Decrypt +-- Wrap +-- Unwrap +-- Sign +-- Verify +-- Backup +-- RestoreString[]String[]noneNameSpecifies the name of the key to add to the vault. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment. The name must be a string of 1 through 63 characters in length that contains only 0-9, a-z, A-Z, and – (the dash symbol).StringStringnoneNotBeforeSpecifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the key can be used immediately. Nullable [DateTime]Nullable [DateTime]noneVaultNameSpecifies the name of the vault to which this cmdlet adds the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.StringStringnoneString, String[], DateTimeMicrosoft.Azure.Commands.KeyVault.Models.KeyBundleExample 1: Create a keyPS C:\>Add-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Destination 'Software' +This command creates a software-protected key named ITSoftware in the vault named Contoso.Example 2: Create an HSM keyPS C:\>Add-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITHsm' -Destination 'HSM' +This command creates an HSM-protected key in the key vault named Contoso.Example 3: Create a key with non-default valuesPS C:\>$KeyOperations = 'decrypt', 'verify' +PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime() +PS C:\> $NotBefore=(Get-Date).ToUniversalTime() +PS C:\> Add-AzureKeyVaultKey -VaultName "Contoso" -Name 'ITHsmNonDefault' -Destination 'HSM' -Expires $Expires -NotBefore $NotBefore -KeyOps $KeyOperations -Disable +The first command stores the values decrypt and verify in the $KeyOperations variable.The second command creates a DateTime object, defined in UTC, by using the Get-Date cmdlet. That object specifies a time two years in the future. The command stores that date in the $Expires variable. For more information, type Get-Help Get-Date.The third command creates a DateTime object by using the Get-Date cmdlet. That object specifies current UTC time. The command stores that date in the $NotBefore variable. The final command creates a key named ITHsmNonDefault that is an HSM-protected key. The command specifies values for allowed key operations stored $KeyOperations. The command specifies times for the Expires and NotBefore parameters created in the previous commands. The new key is disabled. You can enable it by using the Set-AzureKeyVaultKey cmdlet.Example 4: Import an HSM keyPS C:\>Add-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITByok' -KeyFilePath 'C:\Contoso\ITByok.byok' -Destination 'HSM' +This command imports the key named ITByok from the location that the KeyFilePath parameter specifies. The imported key is an HSM-protected key.Example 5: Import a software-protected keyPS C:\>$Password = ConvertTo-SecureString -String 'password' -AsPlainText -Force +PS C:\> Add-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITPfx' -KeyFilePath 'C:\Contoso\ITPfx.pfx' -KeyFilePassword $Password +The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Password variable. For more information, type Get-Help ConvertTo-SecureString.The second command creates a software password in the Contoso vault. The command specifies the location for the key and the password stored in $Password.Example 6: Import a key and assign attributesPS C:\>$Password = ConvertTo-SecureString -String 'password' -AsPlainText -Force +PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime() +PS C:\> Add-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITPfxToHSM' -Destination 'HSM' -KeyFilePath 'C:\Contoso\ITPfx.pfx' -KeyFilePassword $Password -Expires $Expires +The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Password variable. The second command creates a DateTime object by using the Get-Date cmdlet, and then stores that object in the $Expires variable. The final command imports a key as an HSM key from the specified location. The command specifies the expiration time stored in $Expires and password stored in $Password.Online Version:http://go.microsoft.com/fwlink/?LinkId=520396Get-AzureKeyVaultKeyRemove-AzureKeyVaultKeySet-AzureKeyVaultKeyGet-AzureKeyVaultKeyGets the keys in a vault. GetAzureKeyVaultKeyThe Get-AzureKeyVaultKey cmdlet gets the keys in an Azure Key Vault. This cmdlet gets a specific Microsoft.Azure.Commands.KeyVault.Models.KeyBundle or a list of all KeyBundle objects in a vault. Get-AzureKeyVaultKeyVaultNameSpecifies the name of the vault from which this cmdlet gets keys. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your selected environment.StringVersionSpecifies the key version. This cmdlet constructs the FQDN of a key based on the vault name, your currently selected environment, the key name, and the key version.StringNameSpecifies the name of the key to get. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment.StringGet-AzureKeyVaultKeyNameSpecifies the name of the key to get. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment.StringVaultNameSpecifies the name of the vault from which this cmdlet gets keys. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your selected environment.StringNameSpecifies the name of the key to get. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment.StringStringnoneVaultNameSpecifies the name of the vault from which this cmdlet gets keys. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your selected environment.StringStringnoneVersionSpecifies the key version. This cmdlet constructs the FQDN of a key based on the vault name, your currently selected environment, the key name, and the key version.StringStringnoneStringList<Microsoft.Azure.Commands.KeyVault.Models.KeyBundle>, Microsoft.Azure.Commands.KeyVault.Models.KeyBundleExample 1: Get all the keys in a vaultPS C:\>Get-AzureKeyVaultKey -VaultName 'Contoso' +This command gets all the keys in the vault named Contoso. Example 2: Get a specific key PS C:\>$key = Get-AzureKeyVaultKey -VaultName 'Contoso' -KeyName 'ITPfx' +This command gets the key named ITPfx in the vault named Contoso. After running this command, you can inspect various properties of the key by navigating the $key object.Online Version:http://go.microsoft.com/fwlink/?LinkId=521395Add-AzureKeyVaultKeyRemove-AzureKeyVaultKeySet-AzureKeyVaultKeyGet-AzureKeyVaultSecretGets the secrets in a vault. GetAzureKeyVaultSecretThe Get-AzureKeyVaultSecret cmdlet gets secrets in an Azure Key Vault. This cmdlet gets a specific secret or all the secrets in a vault. Get-AzureKeyVaultSecretVaultNameSpecifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.StringVersionSpecifies the secret version. This cmdlet constructs the FQDN of a secret based on the vault name, your currently selected environment, the secret name, and the secret version.StringNameSpecifies the name of a secret to get. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.StringGet-AzureKeyVaultSecretNameSpecifies the name of a secret to get. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.StringVaultNameSpecifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.StringNameSpecifies the name of a secret to get. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.StringStringnoneVaultNameSpecifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.StringStringnoneVersionSpecifies the secret version. This cmdlet constructs the FQDN of a secret based on the vault name, your currently selected environment, the secret name, and the secret version.StringStringnoneStringList<Microsoft.Azure.Commands.KeyVault.Models.Secret>, Microsoft.Azure.Commands.KeyVault.Models.SecretExample 1: Get all the secrets in a vaultPS C:\>Get-AzureKeyVaultSecret -VaultName 'Contoso' +This command gets all the secrets in the vault named Contoso. Example 2: Get a specific secret PS C:\>Get-AzureKeyVaultSecret -VaultName 'Contoso' -KeyName 'ITSecret' +This command gets the secret named ITSecret in the vault named Contoso. Online Version:http://go.microsoft.com/fwlink/?LinkId=521396Remove-AzureKeyVaultSecretSet-AzureKeyVaultSecretRemove-AzureKeyVaultKeyDeletes a key in a vault. RemoveAzureKeyVaultKeyThe Remove-AzureKeyVaultKey cmdlet deletes a key in an Azure Key Vault. This cmdlet has a value of high for the ConfirmImpact property.Remove-AzureKeyVaultKeyVaultNameSpecifies the name of the vault from which to remove the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. StringNameSpecifies the name of the key to remove. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment.StringForceIndicates that this cmdlet does not prompt you for confirmation.PassThruIndicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.KeyBundle object. By default, this cmdlet does not return a value. ForceIndicates that this cmdlet does not prompt you for confirmation.SwitchParameterSwitchParameternoneNameSpecifies the name of the key to remove. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment.StringStringnonePassThruIndicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.KeyBundle object. By default, this cmdlet does not return a value. SwitchParameterSwitchParameternoneVaultNameSpecifies the name of the vault from which to remove the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. StringStringnoneStringMicrosoft.Azure.Commands.KeyVault.Models.KeyBundleThis cmdlet returns a value only if you specify the PassThru parameter. Example 1: Remove a key from a vaultPS C:\>Remove-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' +This command removes the key named ITSoftware from the vault named Contoso. Example 2: Remove a key without user confirmationPS C:\>Remove-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Force -Confirm:$False +This command removes the key named ITSoftware from the vault named Contoso. The command specifies the Force and Confirm parameters, and, therefore, the cmdlet does not prompt you for confirmation.Example 3: Remove keys by using the pipeline operatorPS C:\>Get-AzureKeyVaultKey -VaultName Contoso | Where-Object {$_.Attributes.Enabled -eq $False} | Remove-AzureKeyVaultKey +This command gets all the keys in the vault named Contoso, and passes them to the Where-Object cmdlet by using the pipeline operator. That cmdlet passes the keys that have a value of $False for the Enabled attribute to the current cmdlet. That cmdlet removes those keys. Online Version:http://go.microsoft.com/fwlink/?LinkId=521397Add-AzureKeyVaultKeyGet-AzureKeyVaultKeySet-AzureKeyVaultKeyRemove-AzureKeyVaultSecretDeletes a secret in a vault. RemoveAzureKeyVaultSecretThe Remove-AzureKeyVaultSecret cmdlet deletes a secret in an Azure Key Vault. This cmdlet has a value of high for the ConfirmImpact property.Remove-AzureKeyVaultSecretVaultNameSpecifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.StringNameSpecifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.StringForceIndicates that this cmdlet does not prompt you for confirmation.PassThruIndicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.Secret object. By default, this cmdlet does not return a value. ForceIndicates that this cmdlet does not prompt you for confirmation.SwitchParameterSwitchParameternoneNameSpecifies the name of a secret. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.StringStringnonePassThruIndicates that this cmdlet returns a Microsoft.Azure.Commands.KeyVault.Models.Secret object. By default, this cmdlet does not return a value. SwitchParameterSwitchParameternoneVaultNameSpecifies the name of the vault to which the secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.StringStringnoneStringMicrosoft.Azure.Commands.KeyVault.Models.SecretThis cmdlet returns a value only if you specify the PassThru parameter.Example 1: Remove a secret from a vaultPS C:\>Remove-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'FinanceSecret' +This command removes the secret named FinanceSecret from the vault named Contoso.Example 2: Remove a secret from a vault without user confirmationPS C:\>Remove-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'FinanceSecret' -Force -Confirm:$False +This command removes the secret named FinanceSecret from the vault named Contoso. The command specifies the Force and Confirm parameters, and, therefore, the cmdlet does not prompt you for confirmation.Online Version:http://go.microsoft.com/fwlink/?LinkId=521398Get-AzureKeyVaultSecretSet-AzureKeyVaultSecretSet-AzureKeyVaultKeyUpdate the attributes of a key in a vault. SetAzureKeyVaultKeyThe Set-AzureKeyVaultKey cmdlet updates the editable attributes of a key in an Azure Key Vault.Set-AzureKeyVaultKeyVaultNameSpecifies the name of the vault in which this cmdlet modifies the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.StringNameSpecifies the name of the key to update. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment.StringEnableSpecifies whether to enable or disable a key. A value of $True enables the key. A value of $False disables the key. If you do not specify this parameter, this cmdlet does not modify the status of the key.Nullable [Boolean]ExpiresSpecifies the expiration time, as a DateTime object, for the key that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. Nullable [DateTime]KeyOpsSpecifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed.The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values are: + +-- Encrypt +-- Decrypt +-- Wrap +-- Unwrap +-- Sign +-- Verify +-- Backup +-- RestoreString[]NotBeforeSpecifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. Nullable [DateTime]EnableSpecifies whether to enable or disable a key. A value of $True enables the key. A value of $False disables the key. If you do not specify this parameter, this cmdlet does not modify the status of the key.Nullable [Boolean]Nullable [Boolean]noneExpiresSpecifies the expiration time, as a DateTime object, for the key that this cmdlet updates. This parameter uses Coordinated Universal Time (UTC). To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date. Nullable [DateTime]Nullable [DateTime]noneKeyOpsSpecifies an array of operations that can be performed by using the key that this cmdlet adds. If you do not specify this parameter, all operations can be performed.The acceptable values for this parameter are a comma-separated list of key operations as defined by the JSON Web Key specification. These values are: + +-- Encrypt +-- Decrypt +-- Wrap +-- Unwrap +-- Sign +-- Verify +-- Backup +-- RestoreString[]String[]noneNameSpecifies the name of the key to update. This cmdlet constructs the fully qualified domain name (FQDN) of a key based on the name that this parameter specifies, the name of the vault, and your current environment.StringStringnoneNotBeforeSpecifies the time, as a DateTime object, before which the key cannot be used. This parameter uses UTC. To obtain a DateTime object, use the Get-Date cmdlet. Nullable [DateTime]Nullable [DateTime]noneVaultNameSpecifies the name of the vault in which this cmdlet modifies the key. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment.StringStringnoneString, Boolean, DateTimeMicrosoft.Azure.Commands.KeyVault.Models.KeyBundleExample 1: Modify a keyPS C:\>$Expires= (Get-Date).AddYears(2).ToUniversalTime() +PS C:\> Set-AzureKeyVaultKey -VaultName 'Contoso' -Name 'ITSoftware' -Expires $Expires -Enable $True +The first command creates a DateTime object by using the Get-Date cmdlet. That object specifies a time two years in the future. The command stores that date in the $Expires variable. For more information, type Get-Help Get-Date.The second command modifies a key named ITSoftware. The command enables the key and sets its expiration time to the time stored in $Expires. Online Version:http://go.microsoft.com/fwlink/?LinkId=521399Add-AzureKeyVaultKeyGet-AzureKeyVaultKeyRemove-AzureKeyVaultKeySet-AzureKeyVaultSecretCreates or updates a secret in a vault. SetAzureKeyVaultSecretThe Set-AzureKeyVaultSecret cmdlet creates or updates a secret in an Azure Key Vault. If the secret does not exist, this cmdlet creates it. If the secret already exists, this cmdlet replaces it with the value that you specify.Set-AzureKeyVaultSecretVaultNameSpecifies the name of the vault to which this secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. StringNameSpecifies the name of a secret to modify. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.StringSecretValueSpecifies the value for the secret.SecureStringNameSpecifies the name of a secret to modify. This cmdlet constructs the fully qualified domain name (FQDN) of a secret based on the name that this parameter specifies, the name of the vault, and your current environment.StringStringnoneSecretValueSpecifies the value for the secret.SecureStringSecureStringnoneVaultNameSpecifies the name of the vault to which this secret belongs. This cmdlet constructs the FQDN of a vault based on the name that this parameter specifies and your current environment. StringStringnoneString, SecureStringMicrosoft.Azure.Commands.KeyVault.Models.SecretExample 1: Modify the value of a secretPS C:\>$Secret = ConvertTo-SecureString -String 'password' -AsPlainText -Force +PS C:\> Set-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret' -SecretValue $Secret +The first command converts a string into a secure string by using the ConvertTo-SecureString cmdlet, and then stores that string in the $Secret variable. For more information, type Get-Help ConvertTo-SecureString.The second command modifies value of the secret named ITSecret in the vault named Contoso. The secret value becomes the value stored in $Secret. Online Version:http://go.microsoft.com/fwlink/?LinkId=521400Get-AzureKeyVaultSecretRemove-AzureKeyVaultSecret